Which of the following is the IS auditor's BEST recommendation?
Malicious program code was found in an application and corrected prior to release into production. After the release, the same issue was reported. Which of the following is the IS auditor's BEST recommendation?
A. Ensure corrected program code is compiled in a dedicated server.
B. Ensure change management reports are...
What is the BEST control to ensure that data is accurately entered into the system?
Spreadsheets are used to calculate project cost estimates. Totals for each cost category are then keyed into the job-costing system. What is the BEST control to ensure that data is accurately entered into the system?
A. Reconciliation of total amounts by project
B. Validity checks, preventing entry of character data
C...
Which of the following is the BEST method to safeguard data on an organization's laptop computers?
Which of the following is the BEST method to safeguard data on an organization's laptop computers?
A. Disabled USB ports
B. Full disk encryption
C. Biometric access control
D. Two-factor authentication
Answer: B
Explanation: The best method to safeguard data on an organization’s laptop computers is full disk encryption. Full...
Which of the following should be the MOST important consideration when conducting a review of IT portfolio management?
Which of the following should be the MOST important consideration when conducting a review of IT portfolio management?
A. Assignment of responsibility for each project to an IT team member
B. Adherence to best practice and industry approved methodologies
C. Controls to minimize risk and maximize value for the IT...
Which of the following is the BEST data integrity check?
Which of the following is the BEST data integrity check?
A. Counting the transactions processed per day
B. Performing a sequence check
C. Tracing data back to the point of origin
D. Preparing and running test data
Answer: C
Explanation: Data integrity is the property that ensures that data is...
An organization's audit charter PRIMARILY:
An organization's audit charter PRIMARILY:
A. describes the auditors' authority to conduct audits.
B. defines the auditors' code of conduct.
C. formally records the annual and quarterly audit plans.
D. documents the audit process and reporting standards.
Answer: A
Explanation: An organization’s audit charter primarily describes the auditors’ authority to...
Which of the following should be the FIRST course of action?
A data breach has occurred due to malware. Which of the following should be the FIRST course of action?
A. Notify the cyber insurance company.
B. Shut down the affected systems.
C. Quarantine the impacted systems.
D. Notify customers of the breach.
Answer: C
Explanation: The first course of action...
Which of the following is an executive management concern that could be addressed by the implementation of a security metrics dashboard?
Which of the following is an executive management concern that could be addressed by the implementation of a security metrics dashboard?
A. Effectiveness of the security program
B. Security incidents vs. industry benchmarks
C. Total number of hours budgeted to security
D. Total number of false positives
Answer: A
Explanation:...
Which of the following data would be used when performing a business impact analysis (BIA)?
Which of the following data would be used when performing a business impact analysis (BIA)?
A. Projected impact of current business on future business
B. Cost-benefit analysis of running the current business
C. Cost of regulatory compliance
D. Expected costs for recovering the business
Answer: D
Explanation: The expected costs...
Which of the following metrics would BEST assure compliance with this policy?
An organization's security policy mandates that all new employees must receive appropriate security awareness training. Which of the following metrics would BEST assure compliance with this policy?
A. Percentage of new hires that have completed the training.
B. Number of new hires who have violated enterprise security policies.
C. Number...